On Sunday 17 February 2008, Rune Tønnesen wrote: > Robert skrev: > > On Saturday 16 February 2008, Doug VanLeuven wrote: > >> Robert wrote: > >>> I've having trouble getting XP SP2's to join a domain. Whenever I try > >>> to join, at the point I'm asked for a user name and password with > >>> permission to join the domain, I enter root and root's password, then > >>> get the dreaded "Unknown user or bad password" error message. > >>> > >>> The clients are a mixed bunch with some 98's, 1 Win2K, a few XP SP1 (I > >>> know, I know!, but it's not a priority to management who has me > >>> fighting other fires), and the rest being XP SP2. I *ONLY* get the > >>> error with XP SP2. The Win2K and SP1 all join no problem, so it > >>> shouldn't be a problem with the Samba PDC or the config file else none > >>> should be joining. The 98's aren't a problem of course. In fact, for > >>> reasons I can't figure out, 2 of the SP2's joined too. What is stopping > >>> the SP2's from joining? > >>> > >>> I've tried creating the machine accounts by hand, but that had no > >>> effect. I cranked up the logging and it looks to me like root > >>> authenticates correctly, but I still get the error. > >>> > >>> Background: The original Samba PDC machine was getting old so > >>> management decided to trash it. I was tasked with putting together a > >>> replacement machine. I am using Kubuntu 7.10 (Gutsy) with Samba > >>> 3.0.26a. I disconnected the client machines from the domain (switched > >>> them to workgroup), then tried to reconnect with the new server online. > >>> The old server is physically gone. > >>> > >>> As I stated, only the XP SP2's are not joining. I'm including my > >>> smb.conf, but considering the XP SP1's and the one Win2K (which is > >>> actually running as a virtual machine with XP SP2 as a host OS; this XP > >>> SP2 won't join) all join, the config file should be correct, and I have > >>> a root user in my smbpassword file, and I'm typing the password > >>> correctly. Therefore it has to be something to do with the SP2's. > >>> Possibly some registry setting??? Right now the XP SP2's are running as > >>> workgroup computers. > >>> > >>> Yes, the old domain and new domain name are the same, but I've already > >>> tried changing the new name to something different then joining but > >>> with no luck. > >>> > >>> #======================= Global Settings > >>> ===================================== [global] > >>> debug level = 2 > >>> workgroup = hap > >>> netbios name = linuxII > >>> hosts allow = 192.168.1. 127. > >>> printcap name = cups > >>> load printers = yes > >>> printing = cups > >>> guest account = pcguest > >>> log file = /var/log/samba/log.%m > >>> max log size = 50 > >>> security = user > >>> encrypt passwords = true > >>> passdb backend = tdbsam > >>> unix password sync = yes > >>> passwd program = /usr/bin/passwd %u > >>> passwd chat = *New*UNIX*password* %n\n > >>> *ReType*new*UNIX*password* > >>> %n\n*passwd:*all*authentication*tokens*updated*successfully* username > >>> map = /etc/samba/smbusers > >>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > >>> interfaces = 192.168.1.8/32 127.0.0.1/32 > >>> bind interfaces only = true > >>> local master = yes > >>> os level = 34 > >>> domain master = yes > >>> preferred master = yes > >>> domain logons = yes > >>> logon script = home.bat > >>> logon path = \\%L\profiles\%U > >>> logon home = \\%L\%U > >>> logon drive = H: > >>> name resolve order = wins lmhosts bcast > >>> wins support = yes > >>> wins proxy = yes > >>> hide dot files = yes > >>> deadtime = 15 > >>> disable spoolss = yes > >>> show add printer wizard = no > >>> add machine script = /usr/sbin/useradd -d /dev/null -s /bin/false %u > >>> time server = yes > >>> #======================== Share Definitions ========================= > >>> > >>> [homes] > >>> comment = Home Directory > >>> browseable = no > >>> writable = yes > >>> > >>> # Un-comment the following and create the netlogon directory for Domain > >>> Logons [netlogon] > >>> comment = Net > >>> > >>> Logon Service > >>> path = /home/netlogon > >>> guest ok = yes > >>> writable = no > >>> #...Lots more shares...<snip> > >>> #=========================end config file============================= > >> > >> Since it's just XP SP2, you might want to look at the XP firewall > >> settings that were added by default during the SP2 update. Get there > >> Control Panel/Windows Firewall. In there is file and printer sharing > >> blocking on by default for notebooks and computers directly on the > >> internet. Maybe you already looked at this. Nothing else stands out. > >> > >> Regards, Doug > > > > It's a good thought. I'll check it, but I don't think that's the problem. > > As I said, the XP SP2's are functioning as workgroup computers for now, > > so the users can access their home shares just fine. Unless I'm badly > > mistaken, file and printer sharing blocking, if on, should block this > > too. > > Hi Robert > > I've think i found the solution to your problem. what is the name of the > workgroup, it's not in your smb.conf? > Since the SP2 pc's are in a workgroup with the same name as your > domainname they need to be taken out of the that particular workgroup > before you can join them to your domain. To join them to your domain do > as follows: > > 1. Make a workstation member of a workgroup with a name differet to > your domainname e.g. testgroup > 1. make sure it doesn't have any connection to file and > printershares in the old workgroup > 2. restart > 2. Join the domain you want. > 1. restart to make the domain join work.
I finally got back there and tried this. No joy :( I don't think this is the problem anyway as I was there installing a new computer from Dell (an XP SP2), and the first thing I did after getting it up was to try and join the domain. Same error. As this computer had never been on the network before, I doubt it was a name clash. If it helps anyone help me, I cranked up the logging. Here's what I got when trying to join the domain in the log.<computername> file: [2008/02/19 22:48:58, 2] smbd/sesssetup.c:setup_new_vc_session(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2008/02/19 22:48:58, 2] smbd/sesssetup.c:setup_new_vc_session(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2008/02/19 22:48:58, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded [2008/02/19 22:48:58, 2] lib/access.c:check_access(323) Allowed connection from (192.168.1.57) Obviously, the "check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded" tells me root does exist and I did enter the correct password...So why does XP SP2 lie to me and say I didn't? -- Fail to learn history-repeat it. Fail to learn rights-lose them. Learn both-get screwed by previous two groups. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
